X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fmeta.c;h=45f27622394396a3c3022bbbc11e27f96b8923f0;hp=a32d413776d1f7781f5076dc24b7bf7808d62337;hb=19c0337c4cac78dc302d5a1f637dcad45785a6e3;hpb=e5b1b5cefb82531e8a700c2ee251da1bb0a06fbf diff --git a/src/meta.c b/src/meta.c index a32d4137..45f27622 100644 --- a/src/meta.c +++ b/src/meta.c @@ -1,7 +1,8 @@ /* meta.c -- handle the meta communication - Copyright (C) 2000-2006 Guus Sliepen , + Copyright (C) 2000-2016 Guus Sliepen , 2000-2005 Ivo Timmermans + 2006 Scott Lamb This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -13,11 +14,9 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id$ + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ #include "system.h" @@ -31,17 +30,20 @@ #include "meta.h" #include "net.h" #include "protocol.h" +#include "proxy.h" #include "utils.h" #include "xalloc.h" -bool send_meta(connection_t *c, const char *buffer, int length) -{ +bool send_meta(connection_t *c, const char *buffer, int length) { int outlen; int result; - cp(); + if(!c) { + logger(LOG_ERR, "send_meta() called with NULL pointer!"); + abort(); + } - ifdebug(META) logger(LOG_DEBUG, _("Sending %d bytes of metadata to %s (%s)"), length, + ifdebug(META) logger(LOG_DEBUG, "Sending %d bytes of metadata to %s (%s)", length, c->name, c->hostname); if(!c->outbuflen) @@ -60,14 +62,22 @@ bool send_meta(connection_t *c, const char *buffer, int length) /* Add our data to buffer */ if(c->status.encryptout) { + /* Check encryption limits */ + if(length > c->outbudget) { + ifdebug(META) logger(LOG_ERR, "Byte limit exceeded for encryption to %s (%s)", c->name, c->hostname); + return false; + } else { + c->outbudget -= length; + } + result = EVP_EncryptUpdate(c->outctx, (unsigned char *)c->outbuf + c->outbufstart + c->outbuflen, &outlen, (unsigned char *)buffer, length); if(!result || outlen < length) { - logger(LOG_ERR, _("Error while encrypting metadata to %s (%s): %s"), + logger(LOG_ERR, "Error while encrypting metadata to %s (%s): %s", c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL)); return false; } else if(outlen > length) { - logger(LOG_EMERG, _("Encrypted data too long! Heap corrupted!")); + logger(LOG_EMERG, "Encrypted data too long! Heap corrupted!"); abort(); } c->outbuflen += outlen; @@ -79,30 +89,27 @@ bool send_meta(connection_t *c, const char *buffer, int length) return true; } -bool flush_meta(connection_t *c) -{ +bool flush_meta(connection_t *c) { int result; - ifdebug(META) logger(LOG_DEBUG, _("Flushing %d bytes to %s (%s)"), + ifdebug(META) logger(LOG_DEBUG, "Flushing %d bytes to %s (%s)", c->outbuflen, c->name, c->hostname); while(c->outbuflen) { result = send(c->socket, c->outbuf + c->outbufstart, c->outbuflen, 0); if(result <= 0) { if(!errno || errno == EPIPE) { - ifdebug(CONNECTIONS) logger(LOG_NOTICE, _("Connection closed by %s (%s)"), + ifdebug(CONNECTIONS) logger(LOG_NOTICE, "Connection closed by %s (%s)", c->name, c->hostname); } else if(errno == EINTR) { continue; -#ifdef EWOULDBLOCK - } else if(errno == EWOULDBLOCK) { - ifdebug(CONNECTIONS) logger(LOG_DEBUG, _("Flushing %d bytes to %s (%s) would block"), + } else if(sockwouldblock(sockerrno)) { + ifdebug(META) logger(LOG_DEBUG, "Flushing %d bytes to %s (%s) would block", c->outbuflen, c->name, c->hostname); return true; -#endif } else { - logger(LOG_ERR, _("Flushing meta data to %s (%s) failed: %s"), c->name, - c->hostname, strerror(errno)); + logger(LOG_ERR, "Flushing meta data to %s (%s) failed: %s", c->name, + c->hostname, sockstrerror(sockerrno)); } return false; @@ -116,13 +123,10 @@ bool flush_meta(connection_t *c) return true; } -void broadcast_meta(connection_t *from, const char *buffer, int length) -{ +void broadcast_meta(connection_t *from, const char *buffer, int length) { avl_node_t *node; connection_t *c; - cp(); - for(node = connection_tree->head; node; node = node->next) { c = node->data; @@ -131,15 +135,12 @@ void broadcast_meta(connection_t *from, const char *buffer, int length) } } -bool receive_meta(connection_t *c) -{ +bool receive_meta(connection_t *c) { int oldlen, i, result; int lenin, lenout, reqlen; bool decrypted = false; char inbuf[MAXBUFSIZE]; - cp(); - /* Strategy: - Read as much as possible from the TCP socket in one go. - Decrypt it. @@ -153,13 +154,13 @@ bool receive_meta(connection_t *c) if(lenin <= 0) { if(!lenin || !errno) { - ifdebug(CONNECTIONS) logger(LOG_NOTICE, _("Connection closed by %s (%s)"), + ifdebug(CONNECTIONS) logger(LOG_NOTICE, "Connection closed by %s (%s)", c->name, c->hostname); - } else if(errno == EINTR) + } else if(sockwouldblock(sockerrno)) return true; else - logger(LOG_ERR, _("Metadata socket read error for %s (%s): %s"), - c->name, c->hostname, strerror(errno)); + logger(LOG_ERR, "Metadata socket read error for %s (%s): %s", + c->name, c->hostname, sockstrerror(sockerrno)); return false; } @@ -168,12 +169,31 @@ bool receive_meta(connection_t *c) c->buflen += lenin; while(lenin > 0) { + reqlen = 0; + + /* Is it proxy metadata? */ + + if(c->allow_request == PROXY) { + reqlen = receive_proxy_meta(c, oldlen, lenin); + if(reqlen < 0) + return false; + goto consume; + } + /* Decrypt */ if(c->status.decryptin && !decrypted) { + /* Check decryption limits */ + if(lenin > c->inbudget) { + ifdebug(META) logger(LOG_ERR, "Byte limit exceeded for decryption from %s (%s)", c->name, c->hostname); + return false; + } else { + c->inbudget -= lenin; + } + result = EVP_DecryptUpdate(c->inctx, (unsigned char *)inbuf, &lenout, (unsigned char *)c->buffer + oldlen, lenin); if(!result || lenout != lenin) { - logger(LOG_ERR, _("Error while decrypting metadata from %s (%s): %s"), + logger(LOG_ERR, "Error while decrypting metadata from %s (%s): %s", c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL)); return false; } @@ -185,36 +205,32 @@ bool receive_meta(connection_t *c) if(c->tcplen) { if(c->tcplen <= c->buflen) { - receive_tcppacket(c, c->buffer, c->tcplen); + if(c->allow_request != ALL) { + logger(LOG_ERR, "Got unauthorized TCP packet from %s (%s)", c->name, c->hostname); + return false; + } - c->buflen -= c->tcplen; - lenin -= c->tcplen - oldlen; - memmove(c->buffer, c->buffer + c->tcplen, c->buflen); - oldlen = 0; + receive_tcppacket(c, c->buffer, c->tcplen); + reqlen = c->tcplen; c->tcplen = 0; - continue; - } else { - break; } - } - - /* Otherwise we are waiting for a request */ - - reqlen = 0; - - for(i = oldlen; i < c->buflen; i++) { - if(c->buffer[i] == '\n') { - c->buffer[i] = '\0'; /* replace end-of-line by end-of-string so we can use sscanf */ - reqlen = i + 1; - break; + } else { + /* Otherwise we are waiting for a request */ + + for(i = oldlen; i < c->buflen; i++) { + if(c->buffer[i] == '\n') { + c->buffer[i] = '\0'; /* replace end-of-line by end-of-string so we can use sscanf */ + c->reqlen = reqlen = i + 1; + break; + } } - } - if(reqlen) { - c->reqlen = reqlen; - if(!receive_request(c)) + if(reqlen && !receive_request(c)) return false; + } +consume: + if(reqlen) { c->buflen -= reqlen; lenin -= reqlen - oldlen; memmove(c->buffer, c->buffer + reqlen, c->buflen); @@ -226,12 +242,10 @@ bool receive_meta(connection_t *c) } if(c->buflen >= MAXBUFSIZE) { - logger(LOG_ERR, _("Metadata read buffer overflow for %s (%s)"), + logger(LOG_ERR, "Metadata read buffer overflow for %s (%s)", c->name, c->hostname); return false; } - c->last_ping_time = now; - return true; }